[jmolin8808]

Hello,
I am trying to find a software that will allow my clients to send me large (100mb +) files straight onto one of my external hard drives. I know these programs exist, but I don't know where to start and which one would be the most reliable.

Right now my clients go onto yousendit.com but this can take hours sometimes. Especially when you add up all the time spent uploading, waiting for yousendit to email, then re-downloading. All your help would be greatly appreciated.

thanks!

JAMES

[david8776]

Just build a FTP and tell your clients the account to transfer the files there.

[jmolin8808]

I know I need an FTP server, but I need to find a stable software that plays nice with all the internet browzers.

[jmolin8808]

* browsers

Sorry its still early...

[besson3c]

Web based solutions are not a terribly good idea for this sort of thing, as you will probably end up having to play with your Apache config a far bit to find settings that won't result in disrupted file transfers. Besides, while there are tools that will provide you upload progress bars, they tend to be complicated. When you upload to something like YouTube you just get the spinny wheel thing. Many of your clients may have no idea how long it will take for them to upload a file, and with no feedback may become frustrated with uploading through the web.

I would discourage very strongly using FTP, as protocols that involve sending passwords in the clear should be avoided unless absolutely unavoidable (and when you think they are unavoidable, question this, because they very frequently aren't).

What I would suggest is one of the following:

1) SSH/SFTP/scp
2) WebDAV (secure WebDAV would be better, although you could probably get away with using straight DAV if you setup a separate dummy user/pass for this authentication)
3) AFP

[Chuckit]

Originally Posted by besson3c 

I would discourage very strongly using FTP, as protocols that involve sending passwords in the clear should be avoided unless absolutely unavoidable

Eh, not if there's no sensitive information involved and you don't use the same password for everything.

[jmolin8808]

thanks for the input. A progress bar is something I'm definately looking for, this is the main reason we started using yousendit.com since designers would call saying file transfers were not going through.

Also, data being sent are just high DPI images, so basic security would be fine.

WebDav seems promising, but I cannot access their site.

Any end user software solutions you might recommend?

[OreoCookie]

Use a sftp -- it works right out of the box with OS X.
(1) Activate Remote Login in the Sharing Prefs.
(2) Tell your router to forward port incoming traffic from port 8022 to your machine at port 22. Have a look at your browser's documentation for that.
(3) Create a user account for your client (or all clients if security isn't a concern of yours).
(4) Share the account's password.
(5) If you don't have a fixed IP to your computer, use dyndns.org to get one.
(6) Tell your clients to use an sftp client (many Windows ftp clients can do sftp as well, e. g. FileZilla or WinSCP; all Mac ftp programs I know of work fine, too, say Fugu, CyberDuck or Transmit). They can connect to [computer name].dyndns.org using [client's account name] and their password on port 8022.
(7) There is no step 7.

Just another comment: since both solutions are just as easy/hard to setup, you should go for the more secure alternative! Also, there is no easier way to set this up. If you have problems to configure your router, the Networking forum is at your disposal.

[mduell]

There is an easier way to set this up: https://www.foldershare.com/
It's free, it's automated, it's encrypted.

No forwarding ports, figuring out IPs, sharing passwords, or anything like that. Just sync a "drop box" folder on their machine to a folder on yours (one folder on your system for each client). And it works no matter where you or they are on the internet.

I use it to sync about a half dozen folders with other users.

[moep]

fluxiom - capture, manage, access and deliver content across your enterprise looks quite impressive.
Someone told me about it while ago but I have no use for it - just check it out.

(I have to say that it does seem way overpriced to me.)

[besson3c]

Originally Posted by Chuckit 

Eh, not if there's no sensitive information involved and you don't use the same password for everything.

It's unfortunate that so many people believe this, because this is false. Anytime an account can be compromised, it will likely be used, and the usage of this exploited account reflects back upon *you*. In a way, this is identity theft.

[besson3c]

Originally Posted by jmolin8808 

thanks for the input. A progress bar is something I'm definately looking for, this is the main reason we started using yousendit.com since designers would call saying file transfers were not going through.

Also, data being sent are just high DPI images, so basic security would be fine.

WebDav seems promising, but I cannot access their site.

Any end user software solutions you might recommend?

WebDAV is a protocol (the same protocol the .Mac iDisk uses), not a web service.

[besson3c]

Originally Posted by OreoCookie 

Use a sftp -- it works right out of the box with OS X.
(1) Activate Remote Login in the Sharing Prefs.
(2) Tell your router to forward port incoming traffic from port 8022 to your machine at port 22. Have a look at your browser's documentation for that.
(3) Create a user account for your client (or all clients if security isn't a concern of yours).
(4) Share the account's password.
(5) If you don't have a fixed IP to your computer, use dyndns.org to get one.
(6) Tell your clients to use an sftp client (many Windows ftp clients can do sftp as well, e. g. FileZilla or WinSCP; all Mac ftp programs I know of work fine, too, say Fugu, CyberDuck or Transmit). They can connect to [computer name].dyndns.org using [client's account name] and their password on port 8022.
(7) There is no step 7.

Just another comment: since both solutions are just as easy/hard to setup, you should go for the more secure alternative! Also, there is no easier way to set this up. If you have problems to configure your router, the Networking forum is at your disposal.

The default SSH port is port 22, not 8022.

[Chuckit]

Originally Posted by besson3c 

It's unfortunate that so many people believe this, because this is false. Anytime an account can be compromised, it will likely be used, and the usage of this exploited account reflects back upon *you*. In a way, this is identity theft.

How does it reflect back on me if somebody uses an account that's only good for uploading files into a chrooted folder? Nobody else is even going to know. There's no identity to steal.

[Westbo]

Originally Posted by besson3c 

Web based solutions are not a terribly good idea for this sort of thing, as you will probably end up having to play with your Apache config a far bit to find settings that won't result in disrupted file transfers. Besides, while there are tools that will provide you upload progress bars, they tend to be complicated. When you upload to something like YouTube you just get the spinny wheel thing. Many of your clients may have no idea how long it will take for them to upload a file, and with no feedback may become frustrated with uploading through the web.

I would discourage very strongly using FTP, as protocols that involve sending passwords in the clear should be avoided unless absolutely unavoidable (and when you think they are unavoidable, question this, because they very frequently aren't).

What I would suggest is one of the following:

1) SSH/SFTP/scp
2) WebDAV (secure WebDAV would be better, although you could probably get away with using straight DAV if you setup a separate dummy user/pass for this authentication)
3) AFP

I've never had a problem using FTP as a transfer vehicle and actually prefer it. It has been a very stable way to transfer large files. Fetch and Transmit are two solid apps that make uploading and downloading a snap. As for the password thing, it's no big deal. Over the past 10 years of using FTP, I've only had ONE client (a major bank) unable to use it and that was due to their firewall/security restrictions.

[besson3c]

Originally Posted by Chuckit 

How does it reflect back on me if somebody uses an account that's only good for uploading files into a chrooted folder? Nobody else is even going to know. There's no identity to steal.

What if child porn was uploaded, and this repository was shared with others?

I'm not saying this is likely, I'm not trying to sound tinfoil hatty, but when this can be avoided pretty easily with simple and smart practices, I say go for the low dangling fruit.

[besson3c]

Originally Posted by Westbo 

I've never had a problem using FTP as a transfer vehicle and actually prefer it. It has been a very stable way to transfer large files. Fetch and Transmit are two solid apps that make uploading and downloading a snap. As for the password thing, it's no big deal. Over the past 10 years of using FTP, I've only had ONE client (a major bank) unable to use it and that was due to their firewall/security restrictions.

Obtaining your password, especially when it is used for other things as well, but even regardless, is a big deal... period.

Yes, the protocol itself works fine, and yes it can be used in certain environments, but it is not safe and suitable for exposing to the internet, even though many do.

[Westbo]

Originally Posted by besson3c 

Obtaining your password, especially when it is used for other things as well, but even regardless, is a big deal... period.

Yes, the protocol itself works fine, and yes it can be used in certain environments, but it is not safe and suitable for exposing to the internet, even though many do.

Exposing WHAT!?

I have the impression jmolin8808 needs to send high DPI, and what I am assuming are, image or graphic files. This probably is not high security stuff.

However, if this is an issue...
A- use a password unique to the FTP and not your bank account.
B- Don't put anything sensitive up there.

[Chuckit]

Originally Posted by besson3c 

What if child porn was uploaded, and this repository was shared with others?

Upload it to 420chan?

Originally Posted by besson3c 

I'm not saying this is likely, I'm not trying to sound tinfoil hatty, but when this can be avoided pretty easily with simple and smart practices, I say go for the low dangling fruit.

Define "simple." To my knowledge, setting up an SFTP server is not simple for the average user, but maybe I've just been doing it the hard way. And I mean, I'm not saying SFTP is a bad idea, just that I don't feel it's absolutely necessary in simple cases.

[OreoCookie]

Originally Posted by Chuckit 

Define "simple." To my knowledge, setting up an SFTP server is not simple for the average user, but maybe I've just been doing it the hard way. And I mean, I'm not saying SFTP is a bad idea, just that I don't feel it's absolutely necessary in simple cases.

Huh? Setting up an sftp server with OS X is as difficult as setting up an ftp server: just activate Remote Login (instead of FTP) in the Sharing Prefs. Why do you say is it more difficult? (In case of FTP, you would also need to configure an IP and port forwarding, the steps are essentially the same.)

[besson3c]

Originally Posted by Westbo 

Exposing WHAT!?

I have the impression jmolin8808 needs to send high DPI, and what I am assuming are, image or graphic files. This probably is not high security stuff.

However, if this is an issue...
A- use a password unique to the FTP and not your bank account.
B- Don't put anything sensitive up there.

By default OS X uses system passwords for FTP. For this and other reasons as being discussed with Chuckit, it is a bad practice to use FTP.

Sure you *could* get away with FTP, and probably the threat is very low here... I'm just saying that it is not a good practice.

[besson3c]

Originally Posted by Chuckit 

Upload it to 420chan?


Define "simple." To my knowledge, setting up an SFTP server is not simple for the average user, but maybe I've just been doing it the hard way. And I mean, I'm not saying SFTP is a bad idea, just that I don't feel it's absolutely necessary in simple cases.

If you are talking about the default OS X GUI enable, SFTP is one checkbox versus another... What is the problem here?

Outside of OS X, setting up OpenSSH is no harder than setting up FTP.

[OreoCookie]

Originally Posted by Westbo 

I have the impression jmolin8808 needs to send high DPI, and what I am assuming are, image or graphic files. This probably is not high security stuff.

If you have the option of making a secure solution with exactly the same effort (checking another checkbox, opening different ports), why wouldn't you choose the more secure solution?

[Chuckit]

D'oh, you are indeed correct. I guess I'd forgotten that. Has it always been there?

[besson3c]

Originally Posted by Chuckit 

D'oh, you are indeed correct. I guess I'd forgotten that. Has it always been there?

Yeah... Enabling remote login enables incoming SSH, SFTP, rsync over SSH, SSHfs, and scp capability.

[glypht]

Would Rumpus* be any good?

Rumpus: The Complete Internet File Transfer Solution For Macintosh

Personally, we use QuiXplorer on our webserver for sharing files and Pando for receiving them. While QuiXplorer is technically capable of receiving files, the lack of a progress bar meant most users thought it wasn't working.

(*not cheap.)

[jmolin8808]

I really like everything about rumpus - the price. Only time I have paid anything close to that was for Apple Programs (which are elegant/beautiful) and CS1-3 (required for my job).

My dream solution would be an ftp plug in that would allow me to have an upload button, status bar, then email my designer to let her know that there is a new file.

The price (if nothing else is out there) might be worth it if it keeps my designer happy. To me thats number one.

[Westbo]

Originally Posted by OreoCookie 

If you have the option of making a secure solution with exactly the same effort (checking another checkbox, opening different ports), why wouldn't you choose the more secure solution?

And to your point, if not necessary, why bother?

[OreoCookie]

Originally Posted by Westbo 

And to your point, if not necessary, why bother?

… because it's better not to give third parties extra information they shouldn't have. Information they could use to corrupt the system (e. g. user names and passwords).

Also, out of laziness, people usually continue to use their non-secure information even for things that should be kept private. ftp is obsolete for exchanging data, but since people are inherently lazy, they haven't established a safer alternative (I'm not saying there are none, but that few people use them).

[besson3c]

Originally Posted by Westbo 

And to your point, if not necessary, why bother?

Because there are many insecure systems that exist based on the premise that the security is not necessary when it actually is, only for this to be discovered after-the-fact.

Building security into any system, and more than you think you'll need is usually a good idea to give you some room to grow. In today's day and age, it is just completely foolish (I'd say stupid) to build any new systems around FTP.

FTP needs to go away for anything but anonymous read access. Apple was seriously very smart to not design write access to FTP servers within the Finder. If Apple is really at the forefront of technology, they should not be encouraging the usage of outdated protocols and technologies. I'd quite happy they didn't, and I wouldn't be surprised if they made this conscious decision for this reason.

[brokenjago]

Pando.

Pando.com

[jmolin8808]

Originally Posted by brokenjago 

Pando.

Pando.com

Pando wont help at all.. its just a P2P with IM and email tools.

thanks anyways though..